ALT Linux Team

Branch sisyphus update on 2022-12-20

2022-12-20

ALT-BU-2022-7497-1

Branch sisyphus update bulletin.

ALT-PU-2022-3365-1

Package xorg-server updated to version 21.1.6-alt1 for branch sisyphus in task 311984.

Closed vulnerabilities

Published: 2022-10-17
Modified: 2024-11-21

CVE-2022-3550

A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-10-17
Modified: 2024-11-21

CVE-2022-3551

A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2022-3366-1

Package python3-module-nbconvert updated to version 7.2.6-alt1 for branch sisyphus in task 311157.

Closed vulnerabilities

Published: 2022-08-18
Modified: 2024-11-21

CVE-2021-32862

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer).

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References:

ALT-PU-2022-3367-1

Package simple-scan updated to version 42.5-alt2 for branch sisyphus in task 312016.

Closed bugs

Bug #44683

packagekit is needed by simple-scan

ALT-PU-2022-3368-1

Package kernel-image-std-def updated to version 5.15.84-alt1 for branch sisyphus in task 312006.

Closed vulnerabilities

Published: 2022-08-11

BDU:2023-00359

Уязвимость драйвера drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.8) Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
References:
Published: 2022-10-17
Modified: 2024-11-21

CVE-2022-3545

A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top